Fakealerts Target Black Friday Online Shoppers

Now that the turkey and pumpkin pie have settled, and everyone’s gotten a good night’s sleep, shoppers are busily hustling the Web for the best deals. I’ve been doing the same thing, and wanted to share some of my tips that may help you avoid becoming snared in the most prolific cyberscam of the moment: fake virus alert messages (otherwise known as fakealerts).

For months, the perpetrators of this fraud have been honing their skills at targeting malicious web pages to rise in search results for whatever is in the popular zeitgeist-of-the-moment. Victims experience a computer that appears to be out of control, seemingly unable to do anything but download whatever application the fakealert forces upon them.

A typical “warning” from a malicious fakealert

Take a look at this video. Earlier in the week I tried searching for news about Black Friday or deals on the toy that appears to be the Tickle Me Elmo of 2009, the hard-to-find Zhu Zhu Pets. What I found was a flood of fakealert sites mixed in with the legitimate search results.

[vimeo 7825517]

The good news is, it’s not hard to avoid these fakealert sites, but you have to be an alert Web surfer, and carefully scrutinize the results before you click a link. Read on for my top six tips to shop online safely this Black Friday, Cyber Monday, or anytime this holiday season.

Sweep before you shop: Always scan your computer with a fully updated antivirus and antispyware application (a real one) before you even get to the order form on your favorite shopping site.

Carefully look at results before you click: The bad guys use various tricks to fool Google and other search engines into indexing their malicious links so they have a high “relevance” score, and therefore appear higher in the results than even a legitimate website would. One of the tricks they use is to have a large number of the same key phrase interspersed in the middle of text culled from another source. The archetypical example is a page that lifted a soliloquy from Shakespeare’s Richard III but dotted the phrase “Black Friday 2009” around the page. Virtually all of the search results that led to fakealerts use the same technique. As you can see in the video, the pages that do this simply redirect the browser into the fakealert. You can often see a slice of the bizarre results if you read the text below the link.

Watch for hacked sites: An increasing number of hacked, legitimate websites are being used to perpetuate the fakealert scam. Using passwords stolen by keyloggers like Trojan-Phisher-Zbot, the criminals surreptitiously add a few malicious scripted pages to the legitimate site’s Web server. The site’s owner isn’t necessarily even aware this has happened until after the fact. But you can’t necessarily trust that a smaller site with an otherwise good reputation hasn’t been tampered with.

Firefox and the NoScript Add-on will help protect you: The vast majority of the scripted sites that draw unsuspecting users into fakealerts employ maliciously-created JavaScript and other scripting code. The NoScript plugin prevents sites you haven’t previously visited from running scripts until you go out of your way to permit this behavior. The simple act of using this one add-on could save your bacon if you stumble upon one of these malicious pages accidentally.

When in doubt, kill your browser: If you do happen to find yourself sucked into a fakealert vortex, don’t click anywhere in the browser window. If you know how to use the Task Manager to terminate the browser application, you can do it that way. Most users will find it easier to simply use the Alt-F4 keyboard combination. Remember, you can always go back to the page you want by restarting the browser and looking at your link history.

Never click “Save” or “Open” on a fakealert popup: Fakealerts are really good at forcing the browser to start downloading a Trojan horse application, but the criminals still rely on you running the file. Never, ever click the “Open” or the “Save” button in the download dialog. If you happen to save a file to your computer, delete it — don’t run it. Once you Alt-F4 the browser, these alerts will go away.
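A rough detection heuristic for the keyword-stuffing trick described under “Carefully look at results before you click”, as an added example that is not from the original post: it measures how much of a page's visible text is the searched phrase and checks for a scripted or meta-refresh redirect. The sample pages, thresholds and function names are assumptions constructed for illustration.

```python
import re

# Constructed sample: borrowed prose with a search phrase injected at intervals,
# plus a script that redirects the browser. Not captured from a real page.
STUFFED_PAGE = """<html><body><p>Now is the winter of our discontent Black Friday 2009
made glorious summer by this sun of York Black Friday 2009 and all the clouds
that lour'd upon our house Black Friday 2009 in the deep bosom of the ocean
buried Black Friday 2009</p>
<script>window.location = "http://redirect.example/scan";</script></body></html>"""

# Constructed sample of an ordinary page that mentions the phrase once.
CLEAN_PAGE = """<html><body><h1>Black Friday 2009 store hours</h1>
<p>Our shop opens at six in the morning on Friday. Doorbuster prices on toys
and electronics are listed below, and the sale runs while supplies last.</p>
</body></html>"""

# Common ways a page sends the browser elsewhere without a click.
REDIRECT_RE = re.compile(
    r"location(?:\.href)?\s*=|location\.replace\s*\(|http-equiv\s*=\s*[\"']?refresh",
    re.I)

def visible_words(html):
    """Drop script/style bodies and tags; return the lowercase word list."""
    html = re.sub(r"(?is)<(script|style)\b.*?</\1\s*>", " ", html)
    text = re.sub(r"(?s)<[^>]+>", " ", html)
    return re.findall(r"[a-z0-9']+", text.lower())

def phrase_stats(html, phrase):
    """Return (exact-phrase hits, share of visible words taken by the phrase)."""
    words = visible_words(html)
    target = phrase.lower().split()
    n = len(target)
    hits = sum(1 for i in range(len(words) - n + 1) if words[i:i + n] == target)
    return hits, hits * n / max(len(words), 1)

def assess(html, phrase, min_hits=3, min_density=0.15):
    """Flag pages that both stuff the phrase and redirect (assumed thresholds)."""
    hits, density = phrase_stats(html, phrase)
    stuffed = hits >= min_hits and density >= min_density
    redirects = bool(REDIRECT_RE.search(html))
    return {"hits": hits, "density": round(density, 2), "stuffed": stuffed,
            "redirects": redirects, "suspicious": stuffed and redirects}

if __name__ == "__main__":
    for name, page in (("stuffed", STUFFED_PAGE), ("clean", CLEAN_PAGE)):
        print(name, assess(page, "Black Friday 2009"))
```

Neither signal is conclusive alone: legitimate pages redirect and repeat product names, so the function only flags the combination.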
